Skip to main content

Garbage to gold: How Yahoo unethically sells your spam email

Image used with permission by copyright holder

(in)Secure is a weekly column that dives into the rapidly escalating topic of cybersecurity.

Yahoo’s golden era has passed and Yahoo Mail, once considered a serious competitor to Gmail, is now far less popular. It’s unlikely that you use it for your primary email account. So why should you care about its privacy policy?

According to a report from the Wall Street Journal, Yahoo’s parent company, Verizon, knows you don’t use that old AOL or Yahoo inbox. It knows they’re just full of spam. Yet strangely enough, it’s selling data pulled from it without telling you — and staying alive by doing so.

All your mail are belong to us

The beans were spilled by a leaked Yahoo sales pitch. It detailed the tactics Yahoo uses to collect and sell personal data gained from its email accounts. It’s all laid out in explicit description, outlining not only how Yahoo mines email accounts for data, but why.

Theresa Payton, former White House Chief Information Officer to the Bush Administration. Image used with permission by copyright holder

“This isn’t a new practice,” Theresa Payton told Digital Trends. Payton is the current CEO of Fortalice Solutions and the former Chief Information Officer at the White House. “What they do is scan emails, and then group similar users together for targeting. For example, if you have receipts from purchases you’ve made on Netflix or Hulu or Amazon Prime, they will group you and other email users that have similar receipts into a group, and then sell your data to media companies, TV outlets, and the movie industry.”

On paper, Yahoo isn’t doing anything unlike what Google has done in the past. For thirteen years, Google scanned the email of Gmail accounts and sold that data to advertisers on its Google Ads platform. Considering the amount of people that use Gmail, the amount of relevant data that could be mined was mind-boggling.

That practice has since been halted due to public outcry, but companies with less to lose — like Yahoo — have picked up on the idea and run with it.

Payton believes the Yahoo situation might be more sinister. Part of the problem is the raw capability of technology, which grows year by year, both in terms of processing power and maturity. According to Payton, behavioral-based, big data analytics are at a higher level of sophistication than they were just a few years ago. They can handle more data, so they collect more data.

“That human curation is maybe where the secret sauce is.”

Yet the biggest difference in Yahoo’s implementation is the human element. “There’s also the automated scanning process and then there’s a human curation process,” she said. “That human curation is maybe where the secret sauce is. Things are going to be done to this data that are going to be unique and different from how Google used to treat email accounts in the past.”

There’s no way to know exactly what human eyes scan at Yahoo, but the company’s privacy policies make clear that humans do read some emails. The policy posted by Yahoo’s parent company, Oath, states “when users click on the Spam and Not Spam buttons, information is sent to our anti-spam team or other spam compliance service providers for manual review, and aspects of these messages may be shared […].” The policy also references “manual review” for several other reasons.

Panithan Fakseemuang/123rf

Doug Sharp, Oath’s Vice President of Data, Measurements, and Insights, defended the practice when questioned by The Wall Street Journal. “I think it’s reasonable and ethical to expect the value exchange,” said Mr. Sharp, “if you’ve got this mail service and there is advertising going on.

So, Yahoo is reading emails that arrive in the 200 million inboxes it hosts. But who uses their Yahoo or AOL email account as their primary account these days, anyways? You probably don’t use Yahoo Mail as your main account, so it’s not your concern. Right?

Maybe not. Even the junk you’ve left behind in a secondary account is good enough to sell.

Mining spam for gold

“They actually talked about how a lot of people use their platform to forward their spam mail to,” said Payton. “So, they purely use it as an email address to hand out and let a bunch of marketing material go to. And that could be super helpful to marketers.”

Yahoo knows you don’t care about your Yahoo Mail account and has turned that into a selling point for marketers. Using the same scanning, grouping, and human curation described above, Yahoo has found a way to turn junk mail into sellable data. That might not sound bad, but Payton described a situation that could quickly go from harmless to dangerous.

“This could be their survival mode project to give them the cash influx they need.”

“What if you’re subscribing to Wine & Whisky newsletters — and that information is sold to health insurance companies?” she proposed. “I’m not saying that’s what they’re doing, but the question is, once the data is sold to third-party marketers, how do you know how that data is or is not going to be used or safeguarded?”

It gets even more worrisome when you consider the company Yahoo has become. It was acquired by Verizon in 2017, where it was merged with AOL to form an umbrella corporation known as Oath. That means all the data collected from Yahoo and AOL email accounts are not only shared with third-party marketers, but also distributed throughout the massive company. We’re talking about a lot of data, and a lot of ways to put it to use.

Exploiting what few people it has left

We don’t know how successful Yahoo has been at selling people’s spam. In a post-Cambridge Analytica world, it feels a odd for a company to shamelessly mine personal data as if no one cared — and as if regulatory bodies weren’t paying attention.

Still, we shouldn’t be surprised. Yahoo, like most companies, needs to make money to justify its existence. Mining email data is another way to keep the lights on. The consequences could be severe, but anything can look viable to a company with a lot of red ink on its balance sheet.

Global PR

“Just think about the massive data breach they had and the legal fines that came from that,” said Payton. “This could be them thinking, ‘We’re sitting on a treasure trove of information that we can productize and monetize.’ This could be their survival mode project to give them the cash influx they need.”

Your Yahoo or AOL email accounts may have already been mined for data, but it’s worth heading over to deactivate it if you don’t currently use it. If you do happen to use Yahoo Mail as your primary account, we’d highly recommend disabling access to this kind of invasive scanning. It’s as easy as heading over to the Ad Interest Manager page and clicking on “Opt Out” under the Yahoo banner.

If nothing else, there’s one important lesson we can learn from all this. Data is still the most valuable commodity in the world, even if its out-of-date information tucked away in an abandoned corner of the internet.

Luke Larsen
Luke Larsen is the Senior Editor of Computing, managing all content covering laptops, monitors, PC hardware, Macs, and more.
Get ready: Google Search may bring a pure ‘AI mode’ to counter ChatGPT
AI Overviews being shown in Google Search.

It is match point Google as the tech giant prepares to introduce a new “AI Mode” for its search engine, which will allow users to transition into an atmosphere that resembles the Gemini AI chatbot interface.

According to a report from The Information, Google will add an AI Mode tab to the link options in its search results, where the “All,” “Images,” “Videos,” and “Shopping” options reside. The AI Mode would make Google search more accessible and intuitive for users, allowing them to “ask follow-up” questions pertaining to the links in the results via a chatbot text bar, the publication added.

Read more
I tested Intel’s new XeSS 2 to see if it really holds up against DLSS 3
The Intel logo on the Arc B580 graphics card.

Although it technically arrived alongside the Arc B580, Intel quickly disabled its new XeSS 2 feature shortly after it was introduced. Now, it's back via a new driver update, and with a few fixes to major crashes issues. I took XeSS 2 out for a spin with the Arc B580, which has quickly climbed up the rankings among the best graphics cards, but does XeSS 2 hold up its side of the bargain?

XeSS 2 is Intel's bid to fight back against Nvidia's wildly popular DLSS 3. The upscaling component at the core of XeSS is the same, but XeSS 2 includes both a Reflex-like latency reduction feature and, critically, frame generation. The latency reduction, called XeLL, is enabled by default with frame generation.

Read more
Windows PCs now works with the Quest 3, and I tried it out for myself
i tried windows new mixed reality link with my quest 3 alan truly sits in front of a pc and adjusts virtual screen while wear

Microsoft and Meta teamed up on a new feature that lets me use my Windows PC while wearing a Quest 3 or 3S, and it’s super easy to connect and use. I simply glance at my computer and tap a floating button to use Windows in VR on large displays only I can see.

Meta’s new Quest 3 and 3S are among the best VR headsets for standalone gaming and media consumption. When I want more performance or need to run one of the best Windows apps that aren’t yet available in VR, I can connect to a much more powerful Windows PC.
Setting up Mixed Reality Link
Scanning Microsoft's Mixed Reality Link QR code with a Meta Quest 3 Photo by Tracey Truly / Digital Trends

Read more